FortiGate
vhitnal
Staff
Article Id 198132
Description
This article describes how to block traffic from a particular country.

Solution
- Create a geography-based address object.
- Go to Policy and Objects -> Addresses, select 'Create New' and fill in the fields as below:

Name: country name. Example: China.
Type: Geography.
Interface: wan1.

Enable 'Show in Address List' and select 'OK'.





- Create a wan-to-lan policy whose source address is the geography address object created for the country. In this case:
Source: China.
Destination: all

If any VIP policies exist, keep this policy above the VIP policies.






- However, incoming traffic will still hit the normal VIP policies.

- Make the changes below to that policy in the CLI.
# config firewall policy
    edit <firewall policy number>
        set match-vip enable
    next
end
- Traffic from China will now be blocked.
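To check a configuration backup for the gap described above (a country-block policy that VIP traffic still bypasses), the following added example, which is not Fortinet code, flags deny policies that use a geography source address but do not have match-vip enabled. The function names and the sample excerpt are constructed for illustration, and the input is assumed to be in 'show full-configuration' style so that every setting is explicit.

```python
import re

# Constructed excerpt in FortiOS "show full-configuration" style (not from a real device).
SAMPLE = """
config firewall address
    edit "China"
        set type geography
        set country "CN"
    next
end
config firewall policy
    edit 5
        set srcaddr "China"
        set dstaddr "all"
        set action deny
        set match-vip disable
    next
    edit 6
        set srcaddr "China"
        set dstaddr "all"
        set action deny
        set match-vip enable
    next
end
"""

def parse_table(config, table):
    """Return {entry: {setting: [values]}} for one flat 'config <table>' block."""
    entries, current, inside = {}, None, False
    for line in config.splitlines():
        words = [w.strip('"') for w in re.findall(r'"[^"]*"|\S+', line)]
        if not words:
            continue
        if words[0] == "config":
            inside = " ".join(words[1:]) == table
        elif words[0] == "end":
            inside = False
        elif inside and words[0] == "edit":
            current = entries.setdefault(words[1], {})
        elif inside and words[0] == "set" and current is not None:
            current[words[1]] = words[2:]
    return entries

def geo_deny_without_match_vip(config):
    """IDs of deny policies with a geography source address and match-vip not enabled."""
    addresses = parse_table(config, "firewall address")
    geo = {n for n, s in addresses.items() if s.get("type") == ["geography"]}
    return [pid for pid, s in parse_table(config, "firewall policy").items()
            if s.get("action") == ["deny"] and geo & set(s.get("srcaddr", []))
            and s.get("match-vip") != ["enable"]]
```

On the constructed sample, policy 5 is reported and policy 6 is not. The parser handles only flat tables, so entries containing nested config blocks need a fuller parser.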

Related Articles

Technical Note : DENY Policy for Virtual IP Firewall Policy

Technical Tip: How to block by country or geolocation
